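/// <summary>
/// Completes a forgot-password request: looks the user up by e-mail, runs the request through
/// <c>ValidationUtilities.ValidateForActivation</c>, and on success stores a new password hash,
/// clears the OTP code, and marks the account activated and unlocked.
/// </summary>
/// <param name="request">
/// Request carrying the account e-mail and the new password. It is also passed whole to
/// <c>ValidationUtilities.ValidateForActivation</c>.
/// </param>
/// <returns>
/// 200 with <c>PWD_UPDATED</c> on success; 400 with the validation status or <c>INVALID_USER</c>
/// when the request is rejected; 500 without exception details on an unexpected failure.
/// </returns>
public IHttpActionResult ForgotPassword(ActivationRequest request)
{
    // A missing body is a client error; previously it surfaced as a NullReferenceException and a 500.
    if (request == null)
    {
        return BadRequest();
    }

    try
    {
        var user = DbUtilities.GetUserByEmail(request.Email);
        if (user == null)
        {
            // User does not exist.
            // NOTE(review): this response differs from the validation-failure response, so an
            // unauthenticated caller can tell whether an e-mail is registered. Consider a uniform reply.
            return BadRequest(ErrorCodes.INVALID_USER.ToString());
        }

        // NOTE(review): everything below changes credentials for an unauthenticated caller, so this
        // call is the only gate. Presumably it verifies the OTP / reset code (meaning of the `true`
        // flag is not visible here) - confirm, and confirm failed attempts are limited.
        string validStatus = ValidationUtilities.ValidateForActivation(request, user, true);
        if (validStatus != Constants.SUCCESS_MSG)
        {
            return BadRequest(validStatus);
        }

        User account = _context.Users.SingleOrDefault(a => a.Email == request.Email);
        if (account == null)
        {
            // GetUserByEmail and this query are separate lookups; if they disagree, reject the
            // request instead of dereferencing null and answering with a 500.
            return BadRequest(ErrorCodes.INVALID_USER.ToString());
        }

        // NOTE(review): a password-reuse check was left commented out in the original:
        //if (IsPasswordCorrect(request.Password, account))
        //    return BadRequest(ErrorCodes.PASSWORD_ALREADY_USED.ToString());

        // NOTE(review): the new hash reuses the account's existing salt, and the algorithm behind
        // AuthorizationUtilities.hash is not visible here. Confirm it is a slow password KDF and
        // consider issuing a fresh salt on every password change.
        byte[] pwdhash = AuthorizationUtilities.hash(request.Password, account.Salt);

        // NOTE(review): the flattened listing leaves it unclear whether the next assignment was
        // live or commented out; kept as a comment - confirm against the original file.
        // account.UpdatedAt = DateTime.UtcNow;
        account.ModifiedBy = request.Email;
        account.IsActivated = true;
        account.OTPCode = "";   // the code is cleared so it cannot be presented again

        // Add the new password to the database.
        account.Password = pwdhash;
        account.PwdStartDate = DateTimeOffset.UtcNow;

        // NOTE(review): a successful reset also lifts any lockout on the account, so lockout is
        // only as strong as the validation step above.
        account.IsLocked = false;
        _context.SaveChanges();

        return Ok(HttpUtilities.CustomResp(ErrorCodes.PWD_UPDATED.ToString()));
    }
    catch (Exception ex)
    {
        // Log the full exception server-side, but do not hand it to the client: depending on the
        // error-detail policy, InternalServerError(ex) can serialize message and stack trace.
        LGSELogger.Error(ex);
        return InternalServerError();
    }
}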